Here in the US, footage from private cameras can be obtained with a search warrant, or for civil cases, a motion of discovery can be made, with threats of criminal charges coming next should the footage not be present. At best, one can say they have a destruction policy of x days of footage to protect themselves.
So, in an indirect way, cameras are often linked together, as an attorney or DA can demand footage from a number of places to put together a gestalt base of evidence.
By default, Exchange 2007 has POP3 and IMAP services disabled out of the box. An administrator has to run services.msc and change their states from disabled to automatic, and start them. SMTP to the Internet also is disabled and needs to be explicitly enabled, and a command run to get anti-spam agents enabled and running. However, this is not out of malice, this is just a basic common sense "ship as few possibly hackable features running out of the box as possible, let the customer enable what he/she needs" philosophy.
Once the services are enabled, Exchange 2007 is as good a POP/IMAP server as anything out there. Thunderbird works well with it. Of course, both the POP and IMAP servers support SSL/TLS.
Maybe some Windows admins are trained to only allow Outlook to connect, but it takes almost no time at all to allow other E-mail clients such as Thunderbird or mail.app to work without any issues.
I don't get how DRM will foil counterfeiters. Existing laws do a good job as it is, and the big shops will just haxxor their way around any DRM to sell their knockoffs anyway. People will find a way around it, just like they have with every other DRM method out there, since the days of using nonstandard track and sector codes on the Apple 2.
The person that loses with DRM being extended to clothing? The paying customer of course.
Yes, there are other ways to cool without a compressor, but they are in a lot of cases nowhere as energy efficient as the tried and true way of compression/evaporation. For example, peltiers can do cooling, but they take a lot more power and produce less temperature differential than the standard methods.
Some things can scale, but there are other things that really can't be enlarged. For example, ionizing air currents. Yes, it works on a small scale to move air through a Sharper Image filter, but you couldn't effectively push the air through a house's HVAC system with just thin wires and a high potential difference.
If this belt technology can be scaled up to generate kilowatts as opposed to milliwatts, it would have a real use. Otherwise, its similar to small solar panel technology in the 1980s -- will power a small motor or a clock, but that's basically it. It may at best end up a niche product as something to power remotely located low-wattage computers, such as weather stations in heavy forest.
A couple months ago, I had a prospective employer demand the URL of my MySpace or Facebook profile. He was absolutely perplexed that I had neither, nor a blog showing my innermost secrets to any Internet passerbys. I just could not convince the guy that I don't have a profile, and he kept assuming I had some secret one somewhere.
I should just create a profile on my private website, and have MySpace/Facebook just point to that.
I don't know about BES as much, but in Exchange, you can trigger the remote wipe function two ways. The user can do it by logging into Outlook Web Access (usually www.blarf.com/owa), hitting options, finding their device and selecting it to be wiped. The Exchange admin can also do it from the management console. You get a confirmation once the device is wiped, so you can delete the device from the "wipe as soon as it connects" list and repurpose if you recover it.
Exchange's wipe works because the device periodically hits the Exchange server over a SSL connection. Here, the Exchange server can tell the smartphone/PDA/PocketPC to wipe itself. For someone to make a fake remote wipe, it would take spoofing both the domain name and URL of the Exchange server, as well as either compromising the SSL key of the IIS service or one of the top level root CA keys.
There is also the fact that a lot of MMO companies have to get updates for features or new content out posthaste, and in some cases, regression testing to check if new code broke older code falls by the wayside.
Even worse is that most MMO clients require administrative rights. I generally don't champion WoW, but this is something Blizzard got right -- the client (and the Warden) always runs in user mode unless it is downloading and updating a new patch (where it requires admin rights to write to the Program Files directory.) Other MMO clients just won't run if you don't give them the keys to the system.
I remember some of the first MUDs I was on. Gear was important, but what was even more important was making sure skills, from the basic heal spells of a cleric, to a thief's pick lock skill were up to par. If they weren't, soloing and grouping were difficult, even with the best gear available.
What I'd like to see in newer MMOs would be something like EQ1's AA system, where even if your gear is absolute crap, if you have the AA points from grinding, you can hold your own on raids and such. The closest to this in WoW are faction grinds.
With WoW, pretty much any PvP encounter is a gear check. Skill plays virtually zero part in the game. You level to 70, get flattened in the BGs repeatedly until you get enough gear with res on it so you get flattened less and less. Then, you head to the arenas, where you try to at least a few wins for your weekly point income, and hope your personal arena rating doesn't sink too low.
The reason Apple does not like Mac clones is not because they make profit selling OS X as much, but they make profit selling Macs.
Apple has been burned with Mac clones before, in the days of Power Computing and such, where one of the things they did when turning around the company in the mid to late 1990s was eventually buy them up.
I don't think Apple will ever allow legit licensed Mac clones ever again, regardless of percentage of royalties they get.
I really can't tag the blame all on Microsoft. There is one lurking variable that few people realize:
The developer community attitudes.
Mac developers are loyal to the platform, they don't like it when Apple changes APIs or does a fundamental change such as a new CPU architecture, but they deal with it.
Linux developers are similar. If its for the good of the OS, they will adapt to changes. The a.out to elf executable format change in ages past is a good example.
Windows, its a totally different attitude. Loyalty isn't really a factor in a lot of cases, although there are a number of people who are loyal to the platform. A lot of dev houses are only on Windows because it pays the bills. This is why some Windows devs are hostile to any changes, even ones which are fundamentally increasing platform security. Look how long it took for a lot of Windows apps to just work as a user and not require admin privs. This isn't really MS's fault, its mainly because Windows is the most popular platform out there.
This attitude also reflects into malware writing. Because there are a lot of people who are not really caring about the platform, they don't have hesitations about writing malicious code.
Actually, DRM is more akin having security guards affix handcuffs, belly chains, leg irons, and a spit mask on all customers entering a shop. Yes, if one's customers have their hands cuffed behind their back, and their feet shackled to a shopping cart, they are not going to be shoplifting... but they are not going to be darkening the door of the store unless they have that sort of fetish.
The reason why pickability (or lack therof) is important is because insurance companies will, in general, cover theft if windows are broken, doors are crowbared, or there is obvious signs of forced entry. Of course, if the person breaking in is caught, its easy to tag them with breaking and entering charges.
If a lock is picked, other than maybe some scratches, there is no evidence, so its harder to get insurance companies to cover losses if someone picks a door or padlock. Its also a lot harder to charge someone with burglary or breaking an entering if they bumped or picked a door open, then hid the tools.
I don't know about Medeco 3, but one lock mechanism that was out in other countries for almost four years before making it to the US which is quite pick resistant is Abloy's PROTEC cylinder.
It uses no pins or springs, so bumping is useless. Vibrating the key isn't going to magically move the detainer disks into position. Picking it requires a different technique altogether than pin tumbler locks.
So far, if I recall right, the best picking record for PROTEC cylinders took over 10-11 hours.
Of course, if you want the best in anti pick protection, purchase either an Abloy or Mul-T-Lock Cliq lock. It has a pick resistant mechanical key, as well as a small chip and solenoid with a challenge/response system. If someone does make a key impression, it won't help much. However, for $500 a cylinder, its pricy.
One Caveat about BitLocker though. If you are adding roles in Windows Server 2008, disable BitLocker (no need to decrypt all volumes, just disable it), then re-enable it. If you don't, the TPM will consider the changes as unauthorized modifications, requiring the recovery key.
All and all, BitLocker is decent security, especially for both laptops, and servers in physically insecure locations (Exchange servers in branch offices, Active Directory replicas being used by contractors in call centers.) Just make sure to have your recovery keys to volumes either safely stored in the Active Directory schema, or some safe place just in case the TPM doesn't unlock the drive on boot.
I use all three, PGP Whole Disk Encryption on one machine, TrueCrypt on another, and one server has a TPM, so it, and its RAID arrays are BitLocker protected.
Each addresses slightly different security concerns. If you want to encrypt your disk with a password, and that's all you need, any of these will do the trick. If you want a hardware cryptographic token, so a thief can't obtain your encryption key by brute force, go with PGP Whole Disk Encryption, or BitLocker that supports a TPM with PIN functionality.
BitLocker is probably the easiest to implement, as you just install it, run software to check and partition the root disk. Then, save the recovery key on a USB flash drive (well away from the laptop). You can also save the recovery key on a TrueCrypt volume too. Once Bitlocker is enabled, the security of the machine will be the user passwords (especially any user with Administrator rights.) Make sure you have a decently long (16 characters, preferably more than 20) password to log on with. If you use BitLocker with a PIN and the TPM, you can get away with shorter user passwords if you hibernate or shut down.
Disadvantage of BitLocker -- Requires a TPM for decently secure functionality. TPM enabled laptops are rare, and desktops are rarer still, unless you explicitly buy a motherboard with one, or a "corporate" desktop.
TrueCrypt is a very good solution. It is licensed at no charge (donations are recommended), and is very secure. However, its intended for a single user machine. Using multiple passwords with it is kludgy at best. However for a single user, its very secure once enabled, and you burn a TC recovery CD.
PGP Whole Disk Encryption is the most versatile. It can use a TPM, USB flash drive, smart card, eToken, or none of the above, and use multiple ones in a list to authenticate for a hard disk to work. For example, my laptop has an eToken for hardware security, but as an emergency, I have a very long recovery passphrase if the eToken gets lost or someone locks it by too many guesses. Another example is a friend of mine who has a TPM on his laptop, but if that fails for some reason, he has two eToken keys as backup. PGP Whole Disk has a very good reputation, and is by far best solution for a business IT environment.
For email that was decrypted on their servers using the Outlook plugin, they were pretty much forced to hand it over or be shut down bu the Powers that Be in their country.
Hushmail offers one service that no other E-mail company provides -- decryption of E-mails on the local client. I can sit at any machine that has a JVM and that is trusted to not have a keylogger, log onto Hushmail, and decrypt any new mail locally. The mail remains encrypted on Hushmail's servers.
Another advantage of Hushmail is their nym service. Not nyms with the same prefix like Yahoo's that someone can figure out are owned by a single person, but pretty much any name. This comes into handy when dealing with suspect people who you want to interact with E-mail, but whom you do not want to risk having them know who you are really are or have your real E-mail to spam (Craigslist transactions for example.)
It seems that every ten years, someone re-invents the thin client.
First it was dumb terminals connected to a mainframe, then to a serial port box so one can connect to a UNIX box. Then came XStations which used various (direct, indirect, broadcast) forms of XDMCP to find a host to download microcode and run apps from. Then, it was JavaStations where people talked about fast broadband access to stuff on the ISP's server, and not to worry about all their private documents being stored offsite.
This just seems like more of the same, perhaps an offshoot of cloud computing. It will work for a couple niches here and there, but as a whole, Net based operating systems will fail, as people want to keep their stuff private on their own systems.
Same disadvantages apply. Security of stored files for example -- I trust my external TrueCrypt encrypted drive that uses both a long passphrase and a set of keyfiles a lot more to securely store my Word documents than I do some random ISP's computer.
Thanks for the fit-PC link. It looks to be like the ultimate firewall box, with two independent 10/100 ports out.
This is something what the Cherry Pal people should have done -- make their box with multiple interfaces, and perhaps an ExpressCard jack for more expansion. Then, I know people would buy the box just to have a solid, customizable firewall, and perhaps be used as a NAS head if someone wanted to plug in an eSATA card and an external drive. Adding wireless would be a plus too.
However, for $50 more at Wal-Mart, I can pick up an el cheapo Compaq sporting basic sound, 512MB of RAM, and a hard disk good enough to put a modern distro of Linux on it and have it work as a decent box. No, it won't boot in 5 seconds, but it will do a lot more for not that much more outlay.
If Cherry Pal could kick the price down to $100 or so, that would be an alternative, but right now, unless one wants a highly portable cheap computer (which for $50-$100 more, an EeePC can do the job with a monitor), this computer has a hard market to crack into.
I hope they release the content after WAR goes online, but I have a sneaking suspician that these cities which are cut out will end up being put in the game as an "expansion".
The mistake Intel made was doing such a big jump with their Itanium line, with no 32 bit x86 compatibility. AMD extended the 32 bit x86 with 64 bit instructions, so people could continue running 32 bit code without issue.
IMHO, The Itanium architecture is way far better than the AMD64, with 128 registers for integers, and 128 registers for floating point, but because it couldn't run 32 bit x86 code natively, it has not obtained much marketshare other than for enterprise servers, where x86 compatibility doesn't matter. In this niche, it mainly competes with Solaris and AIX machines, most likely running either Windows Server 2008, or RedHat Enterprise.
Does eSATA have this issue where one can plug in something into an external SATA port, then be able to dump the memory of a local computer to fish out encryption keys?
Of course, its pretty much game over if the bad guys get physical access to the machine, but disabling IEEE 1394 will slow them down at least, forcing them to try to find another bus to hotplug onto for the RAM dump (PCI, PCI-e.)
SAN drives are also generally smaller in capacity, around the 250 GB range, and a 2.5" form factor. The reason for this is to maximize the spindle count. For example, having five 250GB drives with RAID 5, each running at 10,000 RPM can handle a lot more I/O (especially random seeks) than one 1TB 3.5" SATA drive. SAN drives also have a lot more cache. The reason that a most SAN companies have moved to 2.5" for their drives is because even though the platters have less capacity, the data is faster to get to on a physical basis, and case engineers have more room to engineer around the drives, especially in 1U rack enclosures than 3.5" drives.
Enterprise drives are definitely more expensive, but in this case, one gets what they pay for -- a lot more speed (especially with large, random seeks), and decent redundancy. The drives themselves are in the million to 1.4 million hour MTBF range, while consumer level drives, either don't have a rating, or the MTBF is hard to find, so the best guess is 250,000 to 500,000 hours, although some drives do have a million hour MTBF.
The key is to figure out the task at hand, and one's budget, and decide that way. Some tasks, just hooking up drives to the motherboard and using software RAID is more than workable. Other tasks are so time dependent that one has to have full hardware RAID with as many low-capacity spindles as possible to distribute the I/O far and wide. This is why Flash drives are making a good dent in the enterprise RAID market -- they are not perfect, but there is zero time wasted waiting for the head to move, and the right sector to float by.
This is an excellent idea. I know Retrospect allows for one to test not just the whole backup set, but whatever is new on the set to detect bad data on recent info.
Backups require a chain of items to work correctly come restore time. You have to have something to read the backup media if its stored on CDs, DVDs, or tapes. You have to have the correct software and version of software. You also have to be able to get a dead machine in some state to be able to be restored, either by booting an OS or BartPE CD to start a restore, installing a temporary copy of the OS to recover over, or booting another instance of the OS from an external hard disk to restore to the original OS's volumes.
I have seen people backup religiously, test their stuff, then when disaster strikes, they find their trusty tape drive has a sync or timing problem, so all the tapes written on that tape drive only work on that drive and no other drives. I've seen other people backup religiously onto stacks of CD-Rs, only to discover that nobody makes the software that can read it come 5 years later, the backup software company is out of business that makes the software, and a copy of archival data is needed for tax reasons.
If you want to be sure of your backups, use more than one method of backing your stuff up. I know some companies who back up their production critical server data four ways, with two tape autochangers hanging off from each critical server. One backup is done over the network via Networker. The machines sport a local copy of Backup Exec with bare metal restore ability, and periodically dump themselves completely to the local library. Then, the database program backs itself up to its own tape library, and the tapes changed weekly and stored offsite (encrypted, of course). Finally, the database archive logs are saved to disk, and are copied via rsync to an offsite location every so often. This helps mitigate damage should in the future tape hardware become unavailable, or other bad stuff happen. Worst comes to worst, the offsite host with the archive logs can be made into a database server.
Here in the US, footage from private cameras can be obtained with a search warrant, or for civil cases, a motion of discovery can be made, with threats of criminal charges coming next should the footage not be present. At best, one can say they have a destruction policy of x days of footage to protect themselves.
So, in an indirect way, cameras are often linked together, as an attorney or DA can demand footage from a number of places to put together a gestalt base of evidence.
By default, Exchange 2007 has POP3 and IMAP services disabled out of the box. An administrator has to run services.msc and change their states from disabled to automatic, and start them. SMTP to the Internet also is disabled and needs to be explicitly enabled, and a command run to get anti-spam agents enabled and running. However, this is not out of malice, this is just a basic common sense "ship as few possibly hackable features running out of the box as possible, let the customer enable what he/she needs" philosophy.
Once the services are enabled, Exchange 2007 is as good a POP/IMAP server as anything out there. Thunderbird works well with it. Of course, both the POP and IMAP servers support SSL/TLS.
Maybe some Windows admins are trained to only allow Outlook to connect, but it takes almost no time at all to allow other E-mail clients such as Thunderbird or mail.app to work without any issues.
I don't get how DRM will foil counterfeiters. Existing laws do a good job as it is, and the big shops will just haxxor their way around any DRM to sell their knockoffs anyway. People will find a way around it, just like they have with every other DRM method out there, since the days of using nonstandard track and sector codes on the Apple 2.
The person that loses with DRM being extended to clothing? The paying customer of course.
Yes, there are other ways to cool without a compressor, but they are in a lot of cases nowhere as energy efficient as the tried and true way of compression/evaporation. For example, peltiers can do cooling, but they take a lot more power and produce less temperature differential than the standard methods.
Some things can scale, but there are other things that really can't be enlarged. For example, ionizing air currents. Yes, it works on a small scale to move air through a Sharper Image filter, but you couldn't effectively push the air through a house's HVAC system with just thin wires and a high potential difference.
If this belt technology can be scaled up to generate kilowatts as opposed to milliwatts, it would have a real use. Otherwise, its similar to small solar panel technology in the 1980s -- will power a small motor or a clock, but that's basically it. It may at best end up a niche product as something to power remotely located low-wattage computers, such as weather stations in heavy forest.
A couple months ago, I had a prospective employer demand the URL of my MySpace or Facebook profile. He was absolutely perplexed that I had neither, nor a blog showing my innermost secrets to any Internet passerbys. I just could not convince the guy that I don't have a profile, and he kept assuming I had some secret one somewhere.
I should just create a profile on my private website, and have MySpace/Facebook just point to that.
I don't know about BES as much, but in Exchange, you can trigger the remote wipe function two ways. The user can do it by logging into Outlook Web Access (usually www.blarf.com/owa), hitting options, finding their device and selecting it to be wiped. The Exchange admin can also do it from the management console. You get a confirmation once the device is wiped, so you can delete the device from the "wipe as soon as it connects" list and repurpose if you recover it.
Exchange's wipe works because the device periodically hits the Exchange server over a SSL connection. Here, the Exchange server can tell the smartphone/PDA/PocketPC to wipe itself. For someone to make a fake remote wipe, it would take spoofing both the domain name and URL of the Exchange server, as well as either compromising the SSL key of the IIS service or one of the top level root CA keys.
There is also the fact that a lot of MMO companies have to get updates for features or new content out posthaste, and in some cases, regression testing to check if new code broke older code falls by the wayside.
Even worse is that most MMO clients require administrative rights. I generally don't champion WoW, but this is something Blizzard got right -- the client (and the Warden) always runs in user mode unless it is downloading and updating a new patch (where it requires admin rights to write to the Program Files directory.) Other MMO clients just won't run if you don't give them the keys to the system.
I remember some of the first MUDs I was on. Gear was important, but what was even more important was making sure skills, from the basic heal spells of a cleric, to a thief's pick lock skill were up to par. If they weren't, soloing and grouping were difficult, even with the best gear available.
What I'd like to see in newer MMOs would be something like EQ1's AA system, where even if your gear is absolute crap, if you have the AA points from grinding, you can hold your own on raids and such. The closest to this in WoW are faction grinds.
With WoW, pretty much any PvP encounter is a gear check. Skill plays virtually zero part in the game. You level to 70, get flattened in the BGs repeatedly until you get enough gear with res on it so you get flattened less and less. Then, you head to the arenas, where you try to at least a few wins for your weekly point income, and hope your personal arena rating doesn't sink too low.
The reason Apple does not like Mac clones is not because they make profit selling OS X as much, but they make profit selling Macs.
Apple has been burned with Mac clones before, in the days of Power Computing and such, where one of the things they did when turning around the company in the mid to late 1990s was eventually buy them up.
I don't think Apple will ever allow legit licensed Mac clones ever again, regardless of percentage of royalties they get.
I really can't tag the blame all on Microsoft. There is one lurking variable that few people realize:
The developer community attitudes.
Mac developers are loyal to the platform, they don't like it when Apple changes APIs or does a fundamental change such as a new CPU architecture, but they deal with it.
Linux developers are similar. If its for the good of the OS, they will adapt to changes. The a.out to elf executable format change in ages past is a good example.
Windows, its a totally different attitude. Loyalty isn't really a factor in a lot of cases, although there are a number of people who are loyal to the platform. A lot of dev houses are only on Windows because it pays the bills. This is why some Windows devs are hostile to any changes, even ones which are fundamentally increasing platform security. Look how long it took for a lot of Windows apps to just work as a user and not require admin privs. This isn't really MS's fault, its mainly because Windows is the most popular platform out there.
This attitude also reflects into malware writing. Because there are a lot of people who are not really caring about the platform, they don't have hesitations about writing malicious code.
Actually, DRM is more akin having security guards affix handcuffs, belly chains, leg irons, and a spit mask on all customers entering a shop. Yes, if one's customers have their hands cuffed behind their back, and their feet shackled to a shopping cart, they are not going to be shoplifting... but they are not going to be darkening the door of the store unless they have that sort of fetish.
The reason why pickability (or lack therof) is important is because insurance companies will, in general, cover theft if windows are broken, doors are crowbared, or there is obvious signs of forced entry. Of course, if the person breaking in is caught, its easy to tag them with breaking and entering charges.
If a lock is picked, other than maybe some scratches, there is no evidence, so its harder to get insurance companies to cover losses if someone picks a door or padlock. Its also a lot harder to charge someone with burglary or breaking an entering if they bumped or picked a door open, then hid the tools.
I don't know about Medeco 3, but one lock mechanism that was out in other countries for almost four years before making it to the US which is quite pick resistant is Abloy's PROTEC cylinder.
It uses no pins or springs, so bumping is useless. Vibrating the key isn't going to magically move the detainer disks into position. Picking it requires a different technique altogether than pin tumbler locks.
So far, if I recall right, the best picking record for PROTEC cylinders took over 10-11 hours.
Of course, if you want the best in anti pick protection, purchase either an Abloy or Mul-T-Lock Cliq lock. It has a pick resistant mechanical key, as well as a small chip and solenoid with a challenge/response system. If someone does make a key impression, it won't help much. However, for $500 a cylinder, its pricy.
One Caveat about BitLocker though. If you are adding roles in Windows Server 2008, disable BitLocker (no need to decrypt all volumes, just disable it), then re-enable it. If you don't, the TPM will consider the changes as unauthorized modifications, requiring the recovery key.
All and all, BitLocker is decent security, especially for both laptops, and servers in physically insecure locations (Exchange servers in branch offices, Active Directory replicas being used by contractors in call centers.) Just make sure to have your recovery keys to volumes either safely stored in the Active Directory schema, or some safe place just in case the TPM doesn't unlock the drive on boot.
I use all three, PGP Whole Disk Encryption on one machine, TrueCrypt on another, and one server has a TPM, so it, and its RAID arrays are BitLocker protected.
Each addresses slightly different security concerns. If you want to encrypt your disk with a password, and that's all you need, any of these will do the trick. If you want a hardware cryptographic token, so a thief can't obtain your encryption key by brute force, go with PGP Whole Disk Encryption, or BitLocker that supports a TPM with PIN functionality.
BitLocker is probably the easiest to implement, as you just install it, run software to check and partition the root disk. Then, save the recovery key on a USB flash drive (well away from the laptop). You can also save the recovery key on a TrueCrypt volume too. Once Bitlocker is enabled, the security of the machine will be the user passwords (especially any user with Administrator rights.) Make sure you have a decently long (16 characters, preferably more than 20) password to log on with. If you use BitLocker with a PIN and the TPM, you can get away with shorter user passwords if you hibernate or shut down.
Disadvantage of BitLocker -- Requires a TPM for decently secure functionality. TPM enabled laptops are rare, and desktops are rarer still, unless you explicitly buy a motherboard with one, or a "corporate" desktop.
TrueCrypt is a very good solution. It is licensed at no charge (donations are recommended), and is very secure. However, its intended for a single user machine. Using multiple passwords with it is kludgy at best. However for a single user, its very secure once enabled, and you burn a TC recovery CD.
PGP Whole Disk Encryption is the most versatile. It can use a TPM, USB flash drive, smart card, eToken, or none of the above, and use multiple ones in a list to authenticate for a hard disk to work. For example, my laptop has an eToken for hardware security, but as an emergency, I have a very long recovery passphrase if the eToken gets lost or someone locks it by too many guesses. Another example is a friend of mine who has a TPM on his laptop, but if that fails for some reason, he has two eToken keys as backup. PGP Whole Disk has a very good reputation, and is by far best solution for a business IT environment.
You can't go wrong with any of the three listed.
For email that was decrypted on their servers using the Outlook plugin, they were pretty much forced to hand it over or be shut down bu the Powers that Be in their country.
Hushmail offers one service that no other E-mail company provides -- decryption of E-mails on the local client. I can sit at any machine that has a JVM and that is trusted to not have a keylogger, log onto Hushmail, and decrypt any new mail locally. The mail remains encrypted on Hushmail's servers.
Another advantage of Hushmail is their nym service. Not nyms with the same prefix like Yahoo's that someone can figure out are owned by a single person, but pretty much any name. This comes into handy when dealing with suspect people who you want to interact with E-mail, but whom you do not want to risk having them know who you are really are or have your real E-mail to spam (Craigslist transactions for example.)
It seems that every ten years, someone re-invents the thin client.
First it was dumb terminals connected to a mainframe, then to a serial port box so one can connect to a UNIX box.
Then came XStations which used various (direct, indirect, broadcast) forms of XDMCP to find a host to download microcode and run apps from.
Then, it was JavaStations where people talked about fast broadband access to stuff on the ISP's server, and not to worry about all their private documents being stored offsite.
This just seems like more of the same, perhaps an offshoot of cloud computing. It will work for a couple niches here and there, but as a whole, Net based operating systems will fail, as people want to keep their stuff private on their own systems.
Same disadvantages apply. Security of stored files for example -- I trust my external TrueCrypt encrypted drive that uses both a long passphrase and a set of keyfiles a lot more to securely store my Word documents than I do some random ISP's computer.
Thanks for the fit-PC link. It looks to be like the ultimate firewall box, with two independent 10/100 ports out.
This is something what the Cherry Pal people should have done -- make their box with multiple interfaces, and perhaps an ExpressCard jack for more expansion. Then, I know people would buy the box just to have a solid, customizable firewall, and perhaps be used as a NAS head if someone wanted to plug in an eSATA card and an external drive. Adding wireless would be a plus too.
I agree that it has a nice size.
However, for $50 more at Wal-Mart, I can pick up an el cheapo Compaq sporting basic sound, 512MB of RAM, and a hard disk good enough to put a modern distro of Linux on it and have it work as a decent box. No, it won't boot in 5 seconds, but it will do a lot more for not that much more outlay.
If Cherry Pal could kick the price down to $100 or so, that would be an alternative, but right now, unless one wants a highly portable cheap computer (which for $50-$100 more, an EeePC can do the job with a monitor), this computer has a hard market to crack into.
I hope they release the content after WAR goes online, but I have a sneaking suspician that these cities which are cut out will end up being put in the game as an "expansion".
I hope not.
The mistake Intel made was doing such a big jump with their Itanium line, with no 32 bit x86 compatibility. AMD extended the 32 bit x86 with 64 bit instructions, so people could continue running 32 bit code without issue.
IMHO, The Itanium architecture is way far better than the AMD64, with 128 registers for integers, and 128 registers for floating point, but because it couldn't run 32 bit x86 code natively, it has not obtained much marketshare other than for enterprise servers, where x86 compatibility doesn't matter. In this niche, it mainly competes with Solaris and AIX machines, most likely running either Windows Server 2008, or RedHat Enterprise.
This gets me wondering:
Does eSATA have this issue where one can plug in something into an external SATA port, then be able to dump the memory of a local computer to fish out encryption keys?
Of course, its pretty much game over if the bad guys get physical access to the machine, but disabling IEEE 1394 will slow them down at least, forcing them to try to find another bus to hotplug onto for the RAM dump (PCI, PCI-e.)
SAN drives are also generally smaller in capacity, around the 250 GB range, and a 2.5" form factor. The reason for this is to maximize the spindle count. For example, having five 250GB drives with RAID 5, each running at 10,000 RPM can handle a lot more I/O (especially random seeks) than one 1TB 3.5" SATA drive. SAN drives also have a lot more cache. The reason that a most SAN companies have moved to 2.5" for their drives is because even though the platters have less capacity, the data is faster to get to on a physical basis, and case engineers have more room to engineer around the drives, especially in 1U rack enclosures than 3.5" drives.
Enterprise drives are definitely more expensive, but in this case, one gets what they pay for -- a lot more speed (especially with large, random seeks), and decent redundancy. The drives themselves are in the million to 1.4 million hour MTBF range, while consumer level drives, either don't have a rating, or the MTBF is hard to find, so the best guess is 250,000 to 500,000 hours, although some drives do have a million hour MTBF.
The key is to figure out the task at hand, and one's budget, and decide that way. Some tasks, just hooking up drives to the motherboard and using software RAID is more than workable. Other tasks are so time dependent that one has to have full hardware RAID with as many low-capacity spindles as possible to distribute the I/O far and wide. This is why Flash drives are making a good dent in the enterprise RAID market -- they are not perfect, but there is zero time wasted waiting for the head to move, and the right sector to float by.
This is an excellent idea. I know Retrospect allows for one to test not just the whole backup set, but whatever is new on the set to detect bad data on recent info.
Backups require a chain of items to work correctly come restore time. You have to have something to read the backup media if its stored on CDs, DVDs, or tapes. You have to have the correct software and version of software. You also have to be able to get a dead machine in some state to be able to be restored, either by booting an OS or BartPE CD to start a restore, installing a temporary copy of the OS to recover over, or booting another instance of the OS from an external hard disk to restore to the original OS's volumes.
I have seen people backup religiously, test their stuff, then when disaster strikes, they find their trusty tape drive has a sync or timing problem, so all the tapes written on that tape drive only work on that drive and no other drives. I've seen other people backup religiously onto stacks of CD-Rs, only to discover that nobody makes the software that can read it come 5 years later, the backup software company is out of business that makes the software, and a copy of archival data is needed for tax reasons.
If you want to be sure of your backups, use more than one method of backing your stuff up. I know some companies who back up their production critical server data four ways, with two tape autochangers hanging off from each critical server. One backup is done over the network via Networker. The machines sport a local copy of Backup Exec with bare metal restore ability, and periodically dump themselves completely to the local library. Then, the database program backs itself up to its own tape library, and the tapes changed weekly and stored offsite (encrypted, of course). Finally, the database archive logs are saved to disk, and are copied via rsync to an offsite location every so often. This helps mitigate damage should in the future tape hardware become unavailable, or other bad stuff happen. Worst comes to worst, the offsite host with the archive logs can be made into a database server.